{"id":2479,"date":"2024-01-31T23:05:07","date_gmt":"2024-01-31T23:05:07","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78983"},"modified":"2024-01-31T23:05:07","modified_gmt":"2024-01-31T23:05:07","slug":"pentagon-investigating-theft-of-sensitive-files-by-ransomware-group","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/01\/31\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group\/","title":{"rendered":"Pentagon investigating theft of sensitive files by ransomware group"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Pentagon investigating theft of sensitive files by ransomware group | CyberScoop<\/title> <meta name=\"description\" content=\"The ransomware group ALPHV is threatening to leak data obtained from a Virginia IT services company that contracts with the U.S. military.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/technica-pentagon-alphv-ransomware\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Pentagon investigating theft of sensitive files by ransomware group\"> <meta property=\"og:description\" content=\"The ransomware group ALPHV is threatening to leak data obtained from a Virginia IT services company that contracts with the U.S. 
military.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/technica-pentagon-alphv-ransomware\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-01-31T23:05:07+00:00\"> <meta property=\"article:modified_time\" content=\"2024-01-31T23:57:08+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1045\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1706643139g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css,\/wp-content\/plugins\/embedpress\/Gutenberg\/dist\/blocks.style.build.css?m=1706739156\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/plugins\/embedpress\/assets\/css\/embedpress.css,\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1706739156\" 
type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=b50a7fc68d02387a0cbc\" media=\"all\">\n<link rel=\"stylesheet\" id=\"all-css-10\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-includes\/css\/dashicons.min.css,\/wp-content\/plugins\/embedpress\/assets\/css\/plyr.css?m=1706739156\" type=\"text\/css\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/78983\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=78983\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftechnica-pentagon-alphv-ransomware%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftechnica-pentagon-alphv-ransomware%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-78983 single-format-standard\" 
id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/technica-pentagon-alphv-ransomware\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.648897058824\">\n<div class=\"single-article__header-content\" readability=\"30.461538461538\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The ransomware group ALPHV is threatening to leak data obtained from a Virginia IT services company that contracts with the U.S. military. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"348\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group.jpg?resize=640%2C348&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-2.jpg?resize=300,163 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-2.jpg?resize=768,418 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-2.jpg?resize=1024,557 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-2.jpg?resize=1536,836 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-2.jpg?resize=600,327 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-2.jpg?resize=1200,653 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-2.jpg?resize=1500,816 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Tippapatt\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"42.498000499875\"><body 
readability=\"86.990862671325\"><\/p>\n<p>The Department of Defense office responsible for background investigations is working with law enforcement to examine claims by a prolific ransomware group that they have stolen documents containing sensitive data related to the U.S. military, a Pentagon spokesperson told CyberScoop. <\/p>\n<p>The ransomware group known as <a href=\"https:\/\/cyberscoop.com\/tag\/alphv\/\">ALPHV<\/a> or <a href=\"https:\/\/cyberscoop.com\/\">BlackCat<\/a> said early Tuesday that they had stolen, and were threatening to leak, 300 gigabytes of data from Technica, a Virginia-based IT services company that describes itself as working with the federal government and \u201ctheir mission to support, to defend and protect America\u2019s citizens.\u201d <\/p>\n<p>The company did not respond to multiple emails seeking comment and could not be reached by phone. <\/p>\n<p>By allegedly breaching Technica, ALPHV claimed to have obtained data related to the Defense Counterintelligence and Security Agency, which carries out background investigations and insider threat analyses. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThe Defense Counterintelligence and Security Agency is aware of the allegations of this incident and is coordinating with the appropriate law enforcement and security officials to address concerns,\u201d Sue Gough, a Defense Department spokesperson, told CyberScoop in an email. \u201cWe will not comment on any cleared facility\u2019s security posture or any specific security incidents.\u201d<\/p>\n<p>To back up its claim, ALPHV posted more than two dozen screenshots of purportedly stolen documents featuring the names, social security numbers, clearance levels, roles and work locations of dozens of people.<\/p>\n<p>The screenshots include billing invoices, contracts for entities ranging from the FBI to the U.S. 
Air Force and information related to private entities and facilities that contract with the U.S. government.<\/p>\n<p>\u201cIf Technica does not contact us soon, the data will either be sold or made public,\u201d the group wrote in a message posted alongside the documents.<\/p>\n<p>Gough declined to specifically comment on any of the purported documents. The FBI declined to comment, and the Air Force did not respond to a request for comment.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Allan Liska, a ransomware researcher with Recorded Future, said that while claims by ransomware groups should be taken with a grain of salt, the apparent breach by ALPHV appears to be \u201cvery serious.\u201d <\/p>\n<p>\u201cEven if there aren\u2019t classified documents per se, there is a lot of sensitive data that can be garnered from even confidential or sensitive documents,\u201d Liska said, adding that the kind of information shared in the screenshots \u201ccould be used by nation state actors for targeting.\u201d<\/p>\n<p>ALPHV operates a ransomware-as-a-service operation, whose \u201caffiliates\u201d use the group\u2019s malware and platform to carry out attacks and split the proceeds from successful ransomware and data extortions. The group had compromised more than 1,000 entities as of September 2023, <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/12\/19\/cisa-and-fbi-release-advisory-alphv-blackcat-affiliates\">according to the FBI<\/a>. The Department of Justice has described the group as the world\u2019s second-most prolific ransomware operation, responsible for extorting hundreds of millions of dollars from its victims. 
<\/p>\n<p>Though the exact nature of the group\u2019s involvement remains unclear, ALPHV <a href=\"https:\/\/cyberscoop.com\/las-vegas-mgm-caesars-cyber-attack\/\">was linked<\/a> to the September 2023 extortion attack on MGM Resorts and Caesars Entertainment, in what is among the group\u2019s most high-profile incidents to date. <\/p>\n<p>In December, the FBI and a host of international partners claimed to have seized ALPHV infrastructure. Hours later the <a href=\"https:\/\/cyberscoop.com\/fbi-seizes-alphv-leak-website-hours-later-ransomware-gang-claims-it-unseized-it\/\">group said it had \u201cunseized\u201d the site<\/a> and said it had lifted restrictions on targeting critical infrastructure. Experts were quick to note that the group had, in fact, already been involved in attacks on critical infrastructure.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The site remains active with multiple victims currently listed.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.98387096774194\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/pentagon-investigating-theft-of-sensitive-files-by-ransomware-group-1.jpg?w=640&#038;ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" 
class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/technica-pentagon-alphv-ransomware\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pentagon investigating theft of sensitive files by ransomware group |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1466,950,1327,282,1351,323,669],"tags":[1467,955,1328,286,1353,327,671],"class_list":["post-2479","post","type-post","status-publish","format-standard","hentry","category-air-force","category-alphv","category-black-cat","category-cybercrime","category-department-of-defense-dod","category-extortion","category-federal-bureau-of-investigation-fbi","tag-air-force","tag-alphv","tag-black-cat","tag-cybercrime","tag-department-of-defense-dod","tag-extortion","tag-federal-bureau-of-investigation-fbi"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/air-force\/\" rel=\"category tag\">Air Force<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/alphv\/\" rel=\"category tag\">ALPHV<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/black-cat\/\" rel=\"category tag\">Black Cat<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-defense-dod\/\" rel=\"category 
tag\">Department of Defense (DOD)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/extortion\/\" rel=\"category tag\">extortion<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a>","tag_info":"Federal Bureau of Investigation (FBI)","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2479"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2479\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}